bionic (1) espsecure.1.gz

Provided by: esptool_2.1+dfsg1-2_all bug

NAME
       espsecure - ESP32 Secure Boot & Flash Encryption tool


DESCRIPTION
       usage: espsecure [OPTION] COMMAND

   command arguments:
       Run espsecure {command} -h for additional help

       digest_secure_bootloader
              Take a bootloader binary image and a secure boot key, and output a combined digest+binary suitable
              for flashing along with the precalculated secure boot key.

       generate_signing_key
              Generate a private key for signing secure boot images.  Key file is generated in PEM  format,  and
              contains a ECDSA NIST256p private key and matching public key.

       sign_data
              Sign a data file for use with secure boot. Signing algorithm is determinsitic ECDSA w/ SHA-512.

       verify_signature
              Verify a data file previously signed by "sign_data", using the public key.

       extract_public_key
              Extract the public verification key for signatures, save it as a raw binary file.

       digest_private_key
              Generate  an SHA-256 digest of the private signing key.  This can be used as a reproducible secure
              bootloader or flash encryption key.

       generate_flash_encryption_key
              Generate a development-use 32 byte flash encryption key with random data.

       decrypt_flash_data
              Decrypt some data read from encrypted flash (using known key)

       encrypt_flash_data
              Encrypt some data suitable for encrypted flash (using known key)

   optional arguments:
       -h, --help
              show this help message and exit


EXAMPLES
       Flash Espressif AT v1.4 firmware to an ESP-12S board:

              esptool   write_flash   --flash_mode   dio   --flash_size   4MB-c1   0x00   boot_v1.7.bin   0x1000
              at/1024+1024/user1.2048.new.5.bin  0xfe000  blank.bin  0x3fc000 esp_init_data_default.bin 0x3fe000
              blank.bin

       Display ESP32 efuse state summary:

              espefuse --port /dev/ttyUSB0 summary

       Generate a flash encryption key:

              espsecure generate_flash_encryption_key key.bin

       Burn the key to the device (WARNING: one time only operation):

              espefuse --port /dev/ttyUSB1 burn_key flash_encryption key.bin

       Encrypt flash data:

              espsecure  encrypt_flash_data  --keyfile  key.bin  --address   0x10000   -o   my-app-encrypted.bin
              my-app.bin


AUTHOR
       esptool.py  was  started  by  Fredrik Ahlberg as an unofficial community project, currently maintained by
       Angus Gratton and supported by Espressif Systems (Shanghai) PTE LTD. This manual page  was  generated  by
       Milan Kupcevic <milan@debian.org> for the Debian project and can be used by others.


REPORTING BUGS
       Review: <https://github.com/espressif/esptool/#troubleshooting>
       Known issues: <https://github.com/espressif/esptool/issues>
       Report new issues at: <https://github.com/espressif/esptool/issues/new>


       Copyright  ©  2014-2016  Fredrik  Ahlberg,  Angus  Gratton,  Espressif  Systems (Shanghai) PTE LTD, other
       contributors as noted.  License GPLv2+: GNU GPL version 2  or  later  <http://gnu.org/licenses/gpl.html>.
       This  is  free software: you are free to change and redistribute it.  There is NO WARRANTY, to the extent
       permitted by law.


SEE ALSO
       esptool(1), espefuse(1), espsecure(1)